Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.105298 |
Category: | Web application abuses |
Title: | CUPS < 2.0.3 Multiple Vulnerabilities |
Summary: | Various versions of CUPS are vulnerable;to a privilege escalation due to a memory management error. |
Description: | Summary: Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error. Vulnerability Insight: CVE-2015-1158: An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap. The dangling pointer causes ACL verification to fail when parsing 'admin/conf' and 'admin' ACLs. The ACL handling failure results in unrestricted access to privileged operations, allowing an unauthenticated remote user to upload a replacement CUPS configuration file and mount further attacks. CVE-2015-1159: A cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web. In certain cases, the CGI template can echo user input to file rather than escaping the text first. This may be used to set up a reflected XSS attack in the QUERY parameter of the web interface help page. By default, many linux distributions run with the web interface activated, OS X has the web interface deactivated by default. Vulnerability Impact: CVE-2015-1158 may allow a remote unauthenticated attacker access to privileged operations on the CUPS server. CVE-2015-1159 may allow an attacker to execute arbitrary javascript in a user's browser. Affected Software/OS: CUPS < 2.0.3 Solution: A patch addressing these issues has been released for all supported versions of CUPS. For the version 2.0 branch (the latest release), 2.0.3 contains the patch. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 75098 BugTraq ID: 75106 Common Vulnerability Exposure (CVE) ID: CVE-2015-1158 http://www.securityfocus.com/bid/75098 CERT/CC vulnerability note: VU#810572 http://www.kb.cert.org/vuls/id/810572 Debian Security Information: DSA-3283 (Google Search) http://www.debian.org/security/2015/dsa-3283 https://www.exploit-db.com/exploits/37336/ https://www.exploit-db.com/exploits/41233/ https://security.gentoo.org/glsa/201510-07 http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html https://code.google.com/p/google-security-research/issues/detail?id=455 https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py RedHat Security Advisories: RHSA-2015:1123 http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.securitytracker.com/id/1032556 SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html http://www.ubuntu.com/usn/USN-2629-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1159 http://www.securityfocus.com/bid/75106 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |